1
SOX Compliance - 2013 SOX Section 302 Certification
Ernst & Young Fees & Hiring EY staff
2
SOX
3
What is SOX? The Sarbanes–Oxley Act is a federal law that requires public companies to set up an internal system of control to ensure that:
- The potential for fraud is reduced
- Financial statements are accurate
- Top management has certified the above
- Investors are protected through the actions above
- Faith in public markets is restored
4
What is a key control? A key control is a control that provides reasonable assurance that material errors will be prevented or detected in a timely manner.
5
SOX – key controls
VeriFone has identified 11 key process cycles:
- Entity Level Controls
- Order to Cash
- Procure to Pay
- Inventory
- Fixed Assets
- Payroll / HR
- Financial Statement Close Process (FSCP)
- Information Technology
- Tax
- Treasury
- Equity
6
SOX – ENTITY LEVEL CONTROLS
Entity level controls are internal controls that help ensure management directives pertaining to the entire entity are carried out. These are VeriFone’s code of conduct policy, governance (board and committees of the board oversight), authority and responsibility (authority matrix and 302 certifications), hiring practices (background checks), fraud prevention and detection controls (ethics hotline)
7
SOX – ENTITY LEVEL CONTROLS
Reminders:
- We have ZERO tolerance on unethical behavior and fraud.
- We have an ethics hotline you can call.
- Accounting records should be properly supported.
- You are responsible to read and understand all our policies.
8
Controls – entity level controls
Key Controls (20):
- Policies and Procedures
- Code of Ethics
- Whistleblower Process
- Authorization Matrix
- Background checks
- Operating plan
- Internal Audit function
- Budget to Actual
- Audit comments are addressed
Requirements:
- Knowledge of code and reporting process
- Performance of background checks
- Following the operating plan
- Responding to auditors
Common Issues:
- Not following policy
- Not signing code of ethic acknowledgment
- Legal/practical difficulties with background checks
- No timely response to auditors
9
Controls – order to cash
Key Controls (21):
- Bad Debt Reserve is reviewed and approved
- AR adjustments are reviewed and approved
- Revenue is recognized as per policy
- Invoice data interfaces are monitored
- Quarterly revenue cutoff is performed
Requirements:
- Specific and General reserve
- AR adjustment matrix
- Revenue Recognition policy
- Logs/exceptions
- Any non ex-works shipping terms must be reviewed
Common Issues:
- Documentation inadequate
- Not running or retaining exception reports
- Not performing cutoff entirely
10
Controls – procure to pay
Key Controls (12):
- Accruals are recorded
- 3-way match
- Manual accruals are reviewed and approved
- Invoices are supported and approved
- GL coding is accurate
Requirements:
- All significant contingencies must be disclosed
- All unprocessed invoices at period end must be reviewed
- Non-inventory invoices have to be approved prior to entry
Common Issues:
- Invoice audits are not performed
- Coding to wrong GL account
- Not all accruals are recorded
- Not all contingencies are disclosed
11
Controls – inventory
Inventory
Key Controls (22):
- Cycle/Physical counts results are reviewed and approved
- Doc Walk is performed
- CM liability is approved by each controller
- Warranty reserves are reviewed and approved
Requirements:
- Cycle count policy
- Last 5 / First 5
- All liabilities with CM must be included
- Warranty reserve calculation
Common Issues:
- Adjustments not documented or approved
- Doc walk is not done or evidence is lacking
12
Controls – fixed assets
Key Controls (4):
- Additions, disposals and depreciation are recorded based on policy
Requirements:
- All additions should be supported
- All disposals must use a disposal form
- Depreciation should be calculated by system and verified
Common Issues:
- Disposals not approved
- Incorrect in service dates of assets
- Depreciation calculated wrong
13
Controls – financial close process
Financial Statement Close Process
Key Controls (22):
- Flux analysis of actual results is performed via conference call
- 302 Certifications are completed
Requirements:
- Significant variances must be investigated and explained
- CEO and CFO are required to sign before filing
Common Issues:
- Insufficient explanations
- Inadequate disclosures
14
Controls – financial close process
Financial Statement Close Process
Key Controls (22):
Shared Controls
- All BS accounts are reconciled timely
- All Manual JE are reviewed and approved
Requirements:
- Timely = before date noted on closing calendar
- Reconciled = entire balance explained
- Reviewed = determined the item is correct
- Approved = signature or
AR AP Deferred Revenue Inventory Fixed Assets
Common Issues:
- Items are not accurate
- Late/No approval
- Items in reconciliation not included with reconciliation
- Approval inadequate
15
Controls – payroll
Key Controls (6):
- Commissions are approved by Regional Controller
- New employees are approved
- Payroll reports monitored for unusual activity
Requirements:
- Review and documentation of approval for commission calculation
- Approval of any new employee prior to adding to payroll
- Must compare current payroll expense to prior
Common Issues:
- Improperly documented payroll reconciliation
- No approval for new hire
16
Controls – ITGC (Information Technology general controls)
Key Controls (13):
- ERP – Oracle System Controls
- User access approval
- Segregation of Duties
Requirements:
- Although these are system related in many instances there are manual parts of the control
Common Issues:
- Relying on system while not performing manual portion of control
- Relying on system, when underlying is not system controlled or does not include all instances
17
SOD (segregation of duties) conflicts
- SOD conflicts exist because of incompatible duties that a single person or group of persons may have, which elevates the risk associated with potential fraudulent activity.
- SOD reviews are performed in each location to identify SOD conflicts and mitigate through approved testing.
- Each location will identify conflicting activity and perform tests to mitigate the risk associated with the underlying SOD conflict.
- SOD conflicts are based on 9 policies.
18
SOD Conflicts
Policy Number: 2012 Policy Name
P01: AR Customers Credit and Sales Orders
P03: AP Invoices/Expense Reports and AP Vendors
P04: AP Invoices/Expense Reports and Purchase Orders
P05: AP Payments and AP Invoices/Expense Reports
P06: AR Invoices and AR Customers Credit
P07: AR Invoices and AR Cash Receipts
P09: Purchase Orders and AP Payments
P10: Purchase Order and Purchase Order Receipts
P13: Ship Confirm and Sales Orders
19
Controls – TAX
Key Controls (10):
- Tax JE are approved by VP of Tax
- Tax positions or events in each jurisdiction are reported
Requirements:
- Unusual events triggering tax planning should be reported
Common Issues:
- Not reporting events or disregarding tax strategies
- Local tax audits potential adjustments disclosed too late
20
Controls – TREASURY
Key Controls (7):
- Borrowing policy
- Investments are periodically evaluated
- Loan covenants are monitored
- Hedging strategy is reviewed and approved prior to execution
Requirements:
- All financing is subject to borrowing policy
- Investments must be monitored
- Everyone is responsible for covenant compliance
- Hedging should be approved
Common Issues:
- Not aware of policy restrictions
- Misclassification of investments
- Not being aware of covenants
21
Controls – equity
Key Controls (7):
- Equity awards are approved
- Grants are reconciled to 3rd party data
- Cancelations, vesting, etc. are monitored
- Proper expense is recorded
Requirements:
- All new plans must be approved
- All grants must be recorded and approved
Common Issues:
- Communicating grants without authorization
- Not terminating grants timely in system
23
SOX – KEY CONTROLS TESTING
Key controls testing is determined by the frequency of the control. Our current planned testing timetable is as follows:
For legacy entities:
- Phase 1 in May to July for transactions from November to May
- Phase 2 in September to October for transactions from June to August
- Phase 3 in November for transactions from September to October
For Point entities:
- Phase 1 in August to September for July transactions
- Phase 2 in September to October for transactions from August to September
- Phase 3 in November for transactions in October
A control is not a deficiency at year end if it has been working before October 31, 2013 for the following frequency:
- Annual – Once
- Quarterly – Last 2 quarters
- Monthly – Last 2 months
- Weekly – Last 5 weeks
- Transactional – Last 25 transactions
24
SOX – SOX Deficiencies ASSESSMENT
If a key control has not been working for the minimum period immediately prior to year end, then it is considered a deficiency. Deficiency assessment starts with determining whether there is a possibility that the deficiency might result in an error. If there is a reasonable possibility, then we need to identify the magnitude of the potential error. Quantitative and qualitative factors are considered to determine whether it is a material, significant or control deficiency. SOX requires that we look at the potential error that could result from the key control not working. If there was an error of $2K in a reconciliation of $200 million, SOX requires us to start the assessment at $200 million. We have to ask the local finance team what factors or other key controls will help us reduce the risk of an error of the entire $200 million.
25
Section 302 Sub-Certification
26
SECTION 302 Sub-certification
- Under Section 302(a) of the Sarbanes–Oxley Act, VeriFone’s CEO and CFO are required to make certain certifications regarding the presentation of the financial statements.
- After the close of each quarter, designated members of VeriFone management are sent representation letters for review, signature and explanation.
- Any exceptions in the representations are noted in a memo that is addressed to VeriFone’s CEO and CFO.
- The Sub-certification process provides assurances to the CEO and CFO so they can make the appropriate certifications.
27
Ernst & Young Fees and Hiring EY Staff
28
ERNST & YOUNG FEES & Hiring EY staff
- Our auditor Ernst & Young (“E&Y”) has to be independent from VeriFone.
- VeriFone cannot engage E&Y or anyone related to E&Y to perform any work without the approval of VeriFone’s audit committee.
- Please submit any request through the Corporate Controller. There are NO EXCEPTIONS.
- This includes hiring any E&Y staff or their family members.
29
Q&A